Privacy & Risk Summit

Thursday, March 22, 2018 8 CPEs
9:00 AM – 5:00 PM 

Information security programs must be built on a foundation of risk. Unfortunately, too many of today’s security teams are hyper-focused on “keeping the bad guys out” instead of reducing risk to the organization. When every day brings a new report of a major compromise, it’s easy to get caught up in the here and now instead of looking holistically at how to maintain data and information confidentiality, integrity and availability. Taking that higher-level view, however, will lead to risk reduction (which is what the business wants from its security practitioners anyway) while allowing the security team to become more prepared to fight threats.

During the Privacy & Risk Summit, we’ll take a look at how to move your team from a reactive posture to a risk-based, proactive program. By attending this event, you’ll learn the ins and outs of cyber insurance, why a focus on privacy can improve security and thus risk, and how to quantify risk and communicate it throughout your organization.

9:00 AM – 10:30 AM 
The Legal Case for Cyber Risk Management
Shawn Tuma, Cybersecurity & Data Privacy Attorney, Scheef & Stone, L.L.P. 

“Cyber” has been treated as “just an IT issue” for far too long. It is not “just an IT issue”—cyber is an overall business risk issue that must be properly managed to comply with many laws and regulations. 

In this session we will examine the most impactful recent legal and regulatory developments including case updates, FTC enforcement actions, the New York Cybersecurity Regulations, and the GDPR. We will then examine how the application of these rules requires companies to have a robust and continuously maturing cyber risk management program as well as key elements the program must include.

10:45 AM – 12:15 PM
Demystifying Cyber Insurance
Scott Kannry, CEO, Axio Global

There are many myths when it comes to cyber insurance and the role the insurance industry plays in a holistic cyber resilience strategy. Insurance has not always been popular among the security community; however, to reduce cyber risk across the organization, security leaders are looking at cyber insurance as a key consideration in the overall cyber security strategy.

In this session, we will debunk the common myths and focus on the realities of cyber insurance and the positive role the insurance industry plays in managing cyber risk and supporting a holistic cyber resilience strategy.

12:15 PM – 1:15 PM Networking Lunch

1:15 PM – 2:00 PM 
Third-Party Risk
Grant Sewell, Cyber Security & Risk Leader

Third-party risk is rapidly becoming a focus for many organizations, but is it something that can be truly managed effectively? Companies tend to overlook some of their most critical third-party relationships, security reports don’t paint a complete picture of risk, and assessments can be a burden on time and resources.

In this session, we will have an open discussion on the challenges facing companies as they assess the risk brought to them by third parties, including the criticality of the roles played by the CISO, risk management, legal, and procurement.

2:00 PM – 3:00 PM 
Impact Assessment & Threat Picture
Grant Sewell, Cyber Security & Risk Leader

Creating an accurate picture of the threats facing your company isn’t an easy task. There is an abundance of frameworks, strategies, recommendations, and approaches at your fingertips. Determining the best path for your organization is the first challenge, but now you have to assess, review, and communicate the results.

In this session, we’ll review some of the options available to CISOs for threat modeling. Additionally, we’ll take a step further and discuss methods for impact assessment and threat likelihood, as well as best practices for applying this data to your security strategy and your communication with the board of directors.

3:15 PM – 4:45 PM 
Quantification Tabletop
Scott Kannry, CEO, Axio Global

Absent silver bullets and unlimited budgets, security leaders and risk professionals have to make tradeoffs while executing a cyber risk management strategy. Utilizing an exposure-centric methodology is an effective way to ensure that dollars are being spent wisely and towards the firm’s most significant exposures, not just towards a large list of vulnerabilities that often lacks appropriate prioritization. But where to start?

This interactive tabletop exercise will walk participants through a simple cyber exposure quantification framework, where the only prerequisites are the ability to think reasonably and interact with others.

4:45 PM – 5:00 PM 
Closing Remarks